HealthBlawg :: David Harlow's Health Care Law Blog
https://healthblawg.com
Current developments in health care law and policy together with the observations and analysis of David Harlow, principal of The Harlow Group LLC, a health care law and consulting firm based near Boston, Massachusetts.
David Harlow interviews thought leaders and newsmakers in health care law and policy
Creative Commons Attribution-Share Alike 3.0

Rise in Hospital Employment of Physicians: What’s Good is Bad, What’s Bad is Good
https://healthblawg.com/2017/09/hospital-employment-physicians.html
Mon, 11 Sep 2017 12:00:14 +0000, David Harlow
Categories: Physicians, Hospitals, Accountable Care Organization, Health Reform, Health care policy, Health Law, Health Insurance, Managed Care, Value Based Purchasing, Pay for performance

In the plus ça change, plus c'est la même chose department, I read Jay Hancock's recent piece on Kaiser Health News reviewing a Health Affairs paper about health system hiring of physicians and acquiring physician practices flying below the antitrust radar but nevertheless concentrating the supply of physicians in various markets nationwide and increasing the market power of the health systems as a result. Since each physician practice acquisition, each hiring of a physician fresh out of school, doesn't trigger antitrust review on its own, the broad shift has essentially gone unreviewed.
[H]ospitals owned 26 percent of physician practices in 2015, nearly double the portion from 2012. They employed 38 percent of all physicians in 2015, up from 26 percent three years earlier.
[O]nly 15 percent of the growth by the largest physician groups from 2007 to 2013 came from acquisitions of 11 doctors or more.
About half the growth of the big practices involved acquisitions of 10 or fewer doctors at a time. About a third of the growth came not from mergers but from hiring doctors out of medical school or other sources.
Yes, there are more physicians employed by health systems than there used to be, there are more physician practices that have been acquired by health systems, but looking at this just from an antitrust, market power, pricing perspective is taking too narrow a view. We need to step back and ask some fundamental questions:
- Why has there been this shift to physician employment?
- Is hospital/health system employment of physicians inherently bad?
- Would antitrust regulation of aggregation of providers prevent some ill that exists and that may be growing in our current system?
- What are the other possible outcomes? Other possible structures?
To quote the poet: What's good is bad, what's bad is good. Historically, medicine has been practiced by small, independent physician practices. Over the past 50 years there have been a variety of forces influencing the shift in the landscape.
Managed care's rise in the 70s, including physician-employing pioneering HMOs, disrupted the previously dominant position of physicians in the health care ecosystem and the 20th century practice of health insurance companies paying physicians on the “usual, customary and reasonable” basis.
IPAs and PPMCs in the go-go '80s and '90s took two different paths to try to improve physicians' lots in the face of the rise of health care purchasers' power, in part by increasing market power of small practices while permitting them to retain a measure of autonomy. PHOs brought the hospitals into the mix as well. All in all, the health insurance companies were faced with formidable negotiating adversaries, even as activities of IPAs and PHOs had to be structured to work around antitrust concerns (witness the “messenger model”).
Antitrust law is a blunt instrument, and is a reasonable instrument to be using only if we believe that unfettered competition is the best way forward. However, the health care marketplace is so phenomenally regulated in so many different ways, and is so messed up as a market for so many different reasons (e.g., the purchaser is not the consumer, there are great knowledge asymmetries, etc.), that a pure free market seems an impossibility.
In the '90s, the Clinton health reform efforts coalesced around Alain Enthoven's concept of “managed competition,” which sought to rationalize the positive aspects of all that had gone before and create a new utopian ideal of providers, payers and intermediaries. (Worth a read because despite some of the quaintness we see when looking back at a 25-year-old cutting-edge document it's still, well, cutting-edge.)
We all know what happened there.
Under the ACA (for as long as we have the ACA to kick around), the value-based payment, pay-for-performance framework (percolating since the '90s), together with increasing regulation ...

Reducing opioid abuse: multiple approaches
https://healthblawg.com/2017/09/reducing-opioid-abuse.html
Sun, 03 Sep 2017 20:25:50 +0000, David Harlow
Categories: Public Health, Prescription Drugs, Health care policy, Health Law

The opioid crisis has been upon us for years now, and we are now seeing the problem become more pervasive, with more than 90 deaths per day in the U.S. due to this scourge. The president recently said he would be declaring a public health emergency (which would free up some funds) but has not done so as of this writing. The public health threat is so persistent that it calls for responses on many levels, and those responses are coming. Some have been in place for a while, some are more recent. These responses may be broken down into a number of different categories:
- Broader availability of naloxone (antidote) and related training to first responders, health care providers and the general public (though of course in our litigious society, applicability of Good Samaritan laws to naloxone use by laypersons is a consideration)
- Medication-assisted treatment following acute episodes (emergency room visits)
- States imposing limits on prescribing and dispensing, mandating education and other innovations (for example, Massachusetts' first-in-the-nation opioids law (including the first state law limiting most opioid prescriptions to a seven-day supply), enacted in 2015, with a follow-up law enacted in 2016 that among other things offers a system for recording and communicating a voluntary opiate “opt-out” for individuals); and limiting pharma payments to physicians in order to discourage incentives for high-prescriber status (current proposal in New Jersey)
- Licensure and certification bodies imposing limits on prescribing and dispensing (state boards of registration in medicine, e.g., Ohio) and articulating management and operations frameworks for implementing those limits (Joint Commission)
- PBMs establishing limits for dispensing (Express Scripts, CVS Caremark)
- Payors imposing limits on payment (see, e.g., Cigna's opioid abuse detection and prevention program)
- The FDA mandating prescriber training (it is also being urged to ban high-dose formulations)
- Providers developing programs to limit the use of opioids in pain management along with specific targets on reduction in use (e.g., Intermountain)
- Professional and industry associations providing training of clinicians in pain management without opioids, or with limited opioid use (e.g., Massachusetts Medical Society, Colorado Hospital Association)
The overarching goal is to eliminate the use of opiates for all but the most critical short-term needs (limiting prescriptions to a seven-day supply) and medically-appropriate chronic and palliative pain management. There are alternative pain relief drugs — and a wide variety of other treatments for pain, ranging from TENS to meditation to VR. Taken together, the initiatives highlighted and linked to above represent a good start. Of course, we need more than a good start, as the US consumes a wildly disproportionate share of opiates compared to other countries — follow link for some facts and figures — for predictable reasons of economics, politics and culture, and we are paying a staggering price in excess morbidity and mortality and in secondary effects (the effects on family and community).
We've gotten to this crisis point in part through the adoption of pain as a fifth vital sign (many have laid part of the blame at the feet of the Joint Commission, though the organization takes umbrage, pointing out that it described the practice rather than endorsing it, and also noting that the growth in opioid prescriptions predated its 2001 report on pain management). If pain is a vital sign, it must be addressed, and the healthcare-industrial complex has certainly addressed it. Oxycodone, hydrocodone, fentanyl and other opioid prescription volume went through the roof for acute pain and many, many people became addicted and have overdosed as a result. As noted in the articles linked to in the first line of this post, blame may be laid at the feet ...

ACOs: Best Thing Since Sliced Bread, or Swiss Cheese?
https://healthblawg.com/2017/08/aco-savings-report.html
Fri, 01 Sep 2017 00:35:38 +0000, David Harlow
Categories: Accountable Care Organization, Health Reform, CMS, Health care policy, Health Law, HHS, Value Based Purchasing, Pay for performance, OIG

It may not have the zing of a best-seller's title, but check out the latest report from the HHS OIG: Medicare Shared Savings Program Accountable Care Organizations Have Shown Potential for Reducing Spending and Improving Quality. While some coverage of the report has emphasized the $1 billion in savings the OIG identified over the first three years of the ACO program (2013-2015), the title of the report makes clear that the OIG is drawing only limited, measured, conclusions about ACO performance.
$1 billion sounds like a lot of savings until we put it in perspective: the total Medicare ACO spend for the three years studied was $168 billion — less than 10% of the total Medicare spend over that period. Even limiting ourselves to the ACO program, we see that $1 billion represents just a bit more than half a percent of the Medicare ACO spend for the study period. A rounding error. And this is before accounting for the spending undertaken by ACOs to organize themselves and by CMS to run the ACO program.
The potential for reducing spending is thus, ahem, limited. It looks somewhat better if we focus exclusively on “high-performing” ACOs, and OIG's point is that we should learn from the high performers, and improve on what they are doing, in order to bring the full benefits of the program to all. The high-performing ACOs did better, but not that much better, financially, and they also did better on quality measures. There's more detail in the report. The key takeaways are that some ACOs did better than other ACOs and traditional FFS Medicare on reducing cost and improving quality.
ACOs did better than 80% of FFS Medicare providers on these measures:
- Hospital Readmissions
- Screenings for Future Fall Risk
- Primary Care Physicians Qualifying for EHR Incentive Payment
- Depression Screenings and Followup Plan
The difference in most cases was not dramatic, and there were some measures on which the ACOs did worse than traditional FFS Medicare providers, too (e.g., patient satisfaction / patient experience).
All in all, not a ringing endorsement of the program that so many of us thought would represent a significant improvement in managing cost and quality of health care services for Medicare beneficiaries.
A recent positive self-evaluation of one ACO's experience has come under fire for not being quite so dispassionate.
Could greater transparency and closer to real-time reporting lead to better outcomes? Some interested parties believe that they are important must-haves, for ACOs and for other CMS quality incentive payment initiatives.
While the OIG seems to be urging CMS and the provider community to learn from high-performing ACOs and build upon modest successes, CMS (directed by a surgeon at the helm of HHS) seems intent on rolling back bundled payment initiatives that were due to be implemented by CMMI come January. (Price is opposed to expanding bundled payments even though some studies show their benefits.)
It is a trying time for provider organizations to do business with CMS. Even a company founded by a former HHS official now helping physician organizations run ACOs, while pursuing innovative care management strategies, has not been able to bring those ACOs into gainsharing territory.
Will the big bet on ACOs prove to be misplaced? Will ACOs be sunk by the lack of patient lock-in, high administrative costs, or inability to do a better job of reducing costs and improving quality? How much longer do we have to observe the market before making a decision to turn our focus elsewhere? Will Congress ever be able to make a “surgical strike” amending the ACA to remove ACOs from their vaunted position as an innovation project mandated by statute? Or will ACOs pull through and yield the benefits hoped for by their designers and advocates?
Stay tuned.
David Harlow
The Harlow Group LLC
Health ...

Give the People What They Want: Authentic Interaction and Compliant Communication
https://healthblawg.com/2017/08/healthcare-social-media.html
Thu, 24 Aug 2017 14:46:16 +0000, David Harlow
Categories: Compliance, Digital Health, Participatory Medicine, Social Media, FTC, Health care policy, Health Law, Conference, Speaking, Privacy, Security, HIPAA

How do you reach out and touch someone (digitally, of course) and not run the risk of having the person you want to reach ignore you, or (metaphorically) slap your face or (still metaphorically here) call the cops?
You can be relevant or irrelevant, too open or not open enough. You can be affirming or you can be offensive. But you’re sitting at your keyboard or holding your smartphone, and your audience is in the ether. How do you know? How do you plan? How do you execute?
Do you plan for the mythical “reasonable person?” If not, how do you segment your audience? Who are the personas that your campaigns and other materials are trying to reach? What has to be redesigned and rewritten in order to work?
An example of a communication challenge
For example, information on a particular chronic disease needs to be presented in a variety of ways in order to engage a variety of audiences. The mother of a child just diagnosed with diabetes is not looking for the same sort of information or communication as a thirtysomething person with diabetes – and thirtysomething persons with diabetes are not all the same: some have poorly-controlled diabetes with a poor understanding of what is needed to manage the condition more effectively, some are closed-loop quantified-self devotees, engaged patients par excellence.
Once you’ve figured out who it is you are trying to reach, you may have some terrific targeted messaging strategies and tactics ready to roll, but . . . you’re not home free yet.
The regulatory overlay
The second half of the social media planning puzzle is the regulatory overlay that is in some respects unique to healthcare. Yes, we all have privacy rights no matter what the context, but the stakes are higher in healthcare. And there are more interested parties peering over your shoulder, protecting those rights, and enforcing other rules, in various ways — hoping you do everything right, and ready to pounce if you don’t. It’s not just about HIPAA. There’s a slew of three-letter agencies that have something to say about what you’re writing, filming and posting, and about how you interact with others online.
HIPAA, HHS, FTC, IRS and NLRB
Inadvertently sharing one data point too many about one or more patients could have serious ramifications, starting with a potential HIPAA violation, but also including exposure to investigations and sanctions courtesy of a bevy of other state and federal regulators.
HIPAA is enforced by HHS (the US Department of Health and Human Services’ Office of Civil Rights).
The Federal Trade Commission (FTC) has broad discretion to regulate “unfair and deceptive business practices.” This has led it to regulate health data privacy and security and impose sanctions in some cases that are more severe than penalties for HIPAA violations. The FTC may decide to get involved particularly if your breaches affect a large group of individuals (consider the potential improper sharing of information out of a private Facebook patient group).
Other “privacy police” include your state attorney general.
Other enforcers with strong opinions about the nature of online communications permitted and restricted by your institution could include the IRS (if you work for a tax-exempt organization), the NLRB (if your organization has employees), and more.
Err on the side of caution
Given the potential for straying into regulatory minefields, it’s best to err on the side of caution, and to rely on some policy guardrails that can properly deal with most situations.
Authenticity and compliance. Two lodestones, often seen as pulling us in opposite directions: How can I communicate authentically if I need to worry about compliance? The challenge of course, is integrating your approach to these two core principles in order to give people what they want. At the end of the day, while ...

Charlottesville, Health Reform and the GOP
https://healthblawg.com/2017/08/charlottesville-healthreform-gop.html
Tue, 22 Aug 2017 12:43:13 +0000, David Harlow
Categories: Health Reform, Health care policy, Health Law

45's public statements regarding Charlottesville are shocking, inexcusable, unforgivable, and members of the Republican establishment, inside and beyond the Beltway, have responded appropriately.
I applaud them for their responses in this instance, but I condemn them for going along to get along up until now.
Misogyny and sexism, class warfare and climate change denial weren't enough, despite the real harm caused by Agent Orange and those in his thrall. Nazism was the red line. Of course, Nazism is reprehensible, but 45 has crossed many red lines before he got to this one, and where was the outrage?
The immediate, widespread, vehement response to the last of this parade of horrible actions and statements seems to prove some twisted corollary of Godwin's Law.
What does this mean for those who were previously either GOP apologists for el jefe or those just holding their noses while trying to extract some benefit from the fact that their party holds both houses of Congress and the White House?
To me, it bespeaks a colossal abandonment of the public trust.
Exhibit A: Health care.
Health reform — repeal of Obamacare — as conceived by this barbaric Congress, supported by most of the folks now wagging their fingers at el presidente, would have caused more death and other grievous harm to more people, disproportionately people of color, by ripping a trillion dollars out of the Medicaid budget just for starters — than the whiny alt-right has thus far or is likely capable of killing and harming, even with the continued support of the goofball-in-chief.
The harm — including excess morbidity and mortality across the board, but likely concentrated in many of the populations targeted more explicitly by the alt-right — that would have been caused by ACA repeal is inarguable. (For starters, see these examples of the effects on Medicaid beneficiaries generally, lower income women, lower income elders, some of the CBO estimates and more on the effects of repeal from the Health Affairs blog and the Journal of Health Politics, Policy and Law.)
This leads me to conclude that the Republican leadership in Congress and elsewhere supported the ACA repeal efforts for one of two reasons: (1) They never believed the legislation would be enacted, and they were simply grandstanding for their “base,” who are apparently too confused to realize that repeal of Obamacare will harm most of them; or (2) They espouse the same policies of economic and racial elitism as 45 because it benefits them and theirs, and to hell with everyone else.
If their support is due to the first option above, then the ineluctable conclusion is that these elected officials are interested only in keeping themselves in office in order to enjoy the trappings of power and influence while in office, and to increase the payouts that come while in office and thereafter from their wealthy supporters who also benefit from appearing to pander to the “base,” while in fact simply acting to line their own pockets to the detriment of the “base.”
If it's the second option that is driving these behaviors, then the Republican legislators are acting no less shamefully; they are simply being more honest with themselves. They're just acting in (not-so-enlightened) self-interest, or at least in the interest of their paymasters, the Koch brothers et al.
We could run through this analysis for every issue in every sector: stewardship of federal lands, environmental policy, etc., etc. It is difficult to tease out where the GOP pols are grandstanding to appease the base, and where they are truly supportive of the incoherent and arbitrary justifications for the many harmful proposed and already-implemented changes in policy.
The expressions of outrage from GOP leadership following 45's Charlottesville statements ring hollow to me. They are no better than the “thoughts and ...

Counting noses at the county level: Marketplace participation
https://healthblawg.com/2017/07/counting-marketplace-participation.html
Wed, 19 Jul 2017 17:20:30 +0000, David Harlow
Categories: Health Reform, Health Insurance Exchange, Health care policy, Health Law, Health Insurance

There's good news, and there's bad news.
The bad news is that as of this writing 40 counties (across Indiana, Ohio and Nevada) have no insurers committed to sell exchange plans in 2018. Assuming we end the year with at least one insurer committed to each county, the overall picture will look something like this:
More counties will have only one insurer:
- The share of U.S. counties with one insurer will probably increase from about one-third to closer to 45 percent.
- In terms of people, while close to 20 percent of the population live in a county with one insurer now, it may be closer to 25 percent next year.
Fewer counties will have many insurers from which to choose:
- While almost a third of counties (31%) have three or more insurers now, that is projected to be more like 25 percent in 2018.
- The share of people living in counties with three or more insurers is projected to drop from about 60 percent to a little more than half next year.
Some state regulators have cajoled carriers into plugging the holes, and some observers think that behavior will continue.
A piece posted by RWJF argues that while we continue to count noses at the county level, we should be mindful of an important broad trend: “The role of national commercial insurers in the individual market will be truly negligible.”
Of the more than 700 county-level exits announced thus far this year, more than 65 percent came from national commercial carriers. Humana and Aetna have completely exited the exchanges, and United is virtually gone. Cigna will likely remain in a small number of states. Anthem, which functions as a blue plan, has also significantly pruned its participation in a number of states. At this writing, national commercial insurers (excluding Anthem) comprise less than 2 percent of county offerings. This continues but sharply accelerates a trend which began in earnest in 2015. Even that high point marked a notable decline from 2013.
Local plans that remain committed to the individual market at the state and county level have strong ties to those local markets, and are less likely to pull out. They are also more likely to have a good grasp of the market and to be able to perform well even under stress.
While it is undeniably critical that plans be offered in all counties, the bare counties tallied as of last week are home to just 0.4% of the U.S. population. Now that both the “repeal and replace” and “repeal now, replace later” legislative initiatives appear to have been derailed, perhaps the federales could focus on “repair and improve” initiatives designed to support the systems put in place by the ACA and that are now under siege by elements in the Administration and in Congress that are hostile to the ACA. Here's hoping that the interests of constituents can come to the fore, and the rhetorical interests can take a back seat.
David Harlow
The Harlow Group LLC
Health Care Law and Consulting

Keep it Clean: Ransomware and David Harlow in the Press
https://healthblawg.com/2017/07/ransomware-harlow-press.html
Mon, 17 Jul 2017 14:06:52 +0000, David Harlow
Categories: Compliance, Health care policy, Health Law, Privacy, Security

I wrote a piece for HealthTech recently, arguing that healthcare organizations must practice better data hygiene to stay ahead of looming cyberthreats, noting that cybersecurity in healthcare is not just an IT problem, and that we need a cultural shift in emphasis parallel to the paradigm shift we have seen in the way we have collectively dealt with healthcare-associated infections (HAIs).
What Cybersecurity Can Learn from Modern Medicine
Healthcare’s ongoing cybersecurity plague closely resembles another challenge the industry previously perceived as insurmountable: the spread of healthcare-associated infections. Through the past decade, however, organizations stopped accepting HAIs as a certainty.
Three factors drove the change:
- Unambiguous financial incentives: The federal government changed Medicare rules and no longer reimburses hospitals for the cost of preventable hospitalizations.
- Building and sharing tools: Development of public and private sector HAI prevention programs, broad dissemination of key learning, guidelines and checklists, and sharing of experiences.
- Leadership and drawing a line in the sand: When a health system CEO says, “We will eliminate all central line infections in our system within three years,” things happen.
We know what we need to do; we just need to do it.
________________________________________________________
Tune in to past and future HIPAA Chat webinars & web radio broadcasts
________________________________________________________
After the EternalBlue exploits WannaCry and NotPetya hit, I spoke with Part B News for a piece on the new status quo in ransomware and approaches to take in minimizing exposure (behind paywall). These include some real basic stuff — but major multinational corporations, large government agencies and health care organizations failed to take some of these steps and got burned:
- Patch your OS and software.
- Limit the ability of end users to install software — either don't let them do it at all, or limit their choices to whitelisted programs screened by IT security staff.
- Remember — not all IT professionals are IT security professionals. Bring in the right resources for the job.
- Not all systems or all staff need access to all data. Minimize the data used in any one system, limit data exposed to view in any way from beyond the internal network, and make sure that backup systems are isolated (air-gapped) so that they don't get automatically infected if production systems are infected.
- Limit certain privileges to a per-use basis, not even a per-user basis, and sunset passwords, so that sensitive data is less exposed.
- Use creative training techniques, including fake phishing emails that lead to training sites if opened and clicked. (Better than using the same online preso and quiz you used last year.)
In the end, the bottom line is, well, the bottom line:
Establishing a culture of compliance is critical to increasing funding for implementation, and that starts at the top. Executives, therefore, must commit publicly to eliminate all preventable data breaches. Committing to do better is the first step to becoming better.
David Harlow
The Harlow Group LLC
Health Care Law and Consulting

Interoperability’s Second Act
https://healthblawg.com/2017/07/interoperability-second-act.html
Wed, 12 Jul 2017 22:07:33 +0000, David Harlow
Categories: HIT, EHR, Health care policy, Health Law, ONC, HHS

The 21st Century Cures Act set the table for development of new interoperability standards, in the form of a “trusted exchange framework and common agreement,” and the federales are ginning up the apparatus to receive input from interested parties. The first listening session is scheduled for later this month (July 24) and will be webcast. There are two more listening sessions scheduled, and ONC plans to have a regulatory proposal out by the end of the calendar year.
These meetings will allow us to gather information about successful network to network exchange of health information, as outlined in the Cures Act. As part of the first meeting, ONC will share the results of a recent analysis of existing frameworks that support the interoperable flow of health information across disparate networks and supportive principles related to enabling trusted exchange nationally.
Following the kick-off meeting, ONC will begin a 30-day public comment period for stakeholders to provide feedback on how best to support or develop the trusted exchange framework and common agreement called for in Cures. ONC will establish an online process for comment submission and will share more details on July 24th and at HealthIT.gov.
ONC recently offered some insight into its focus in developing the new regulations:
Broadly, the ONC is focusing on three interoperability use cases: patient access to data—including how to easily transfer health information from one provider to another; enterprise accountability to ensure providers can access data in bulk to use analytics; and open competition and access to application programming interface (API).
Earlier today, I moderated a webinar on the issues surrounding interoperability in health IT, and the expert consensus was that the marketplace is taking care of this issue. Yes, there will be new government standards, but market leaders on both the health IT side and on the provider side have not been waiting for the federales to establish new standards; they are building solutions and are engaged in the business of managing patients and populations using tools that are already available. Perhaps the regulatory push will create greater impetus for more market participants to get involved.
Update 7/17/2017: Here's the webinar for your viewing and listening pleasure:
If you are interested in either proceeding independently or putting together a group of like-minded folk to work together and submit comments to ONC on what the new standards should look like, please let me know if I may be of service.
David Harlow
The Harlow Group LLC
Health Care Law and Consulting

Back to the Future: Before America was Great (Again)
https://healthblawg.com/2017/06/future-before-america.html
Fri, 23 Jun 2017 13:39:28 +0000, David Harlow
Categories: Health Reform, Health care policy, Health Law

LBJ supported the Great Society programs of the 1960s and got them through Congress doing what he did best: buttonholing and strong-arming his former colleagues on the Hill. He knew this victory would come at a cost — a loss of Democratic control of Southern Congressional seats and state houses — but he probably would not have predicted the way in which the chickens have come home to roost.
In taking the latest step towards dismantling the Affordable Care Act, the Senate Republicans have reneged on promises to not build on the House bill and go their own way, and have released a draft Senate bill, concocted in secret, that hews closely to the House bill. (Why? Because this whole exercise has to run as a “budget reconciliation” drill that frees Republicans from having to worry about getting an unattainable 2/3 majority to support it. Query whether all provisions of the bill actually qualify as “budget reconciliation.”) Both are heavily laden with below-the-Beltway cynicism; for example, the sections of the bills eliminating Medicaid as we know it would not take effect until 2024, thus allowing Republicans to claim in their upcoming re-election campaigns that they voted to eliminate Federal handouts to the undeserving poor while at the same time not actually disadvantaging some of their constituents, and giving a future Congress the opportunity to reverse at least some of the damage before new rules take effect.
(For more details on the bills, see the many stories available online, including these, and also the excellent Twitter feed of Andy Slavitt, former Acting Administrator of the Centers for Medicare and Medicaid Services, who was responsible for implementing the Affordable Care Act. Here's a WaPo chart summarizing major changes the bills would make, and here are some highlights from Politico.)
The House and Senate bills are both more about tax reform and wealth redistribution — to the rich (e.g. handouts to the 1% — including the stupefyingly retroactive cut in capital gains tax for certain high-income taxpayers; how can anyone argue with a straight face that a retroactive cut will help incentivize investment?) and less about health reform, as is clear from the effects of the House bill, as scored by the CBO (the Senate bill's effects are reportedly slightly less extreme, thus angering great friends of the American people like Rand Paul and Ted Cruz, who thus far are demanding greater ruthlessness in exchange for their support). The Affordable Care Act funds health care coverage expansions through a series of taxes. (There is no free lunch.) The bills on the table will reduce Medicaid programs and will reduce premium support for private plans, thus inflicting great harm on the public. The anti-communitarian rugged individualism of the Republican bills, promoted by Congressional leadership who are apparently more scared of the Koch Brothers' ire and interested in holding onto their seats than they are devoted to protecting the interests of their constituents, throws all Americans under the bus — including those who this charade pretends to help. Even industrialists need a workforce that can get to work on a regular basis. Without the availability of basic healthcare coverage and healthcare services, we roll the calendar back to an earlier age, where morbidity and mortality rates were much higher: that inevitable increase in death and disease must be laid on the doorstep of Congressional Republicans. Who do they think they are serving?
We have all learned by now that statements made by 45 are not made for the truth of their content. Most are performative, dog-whistle statements intended to be heard in a certain way by certain constituencies. His campaign rhetoric on healthcare reform (repeal Obamacare, no change to coverage of pre-existing conditions, better coverage at lower cost, etc.) is no exception: it appealed to his base, but clearly was not ...

Federal Health Care Cybersecurity Task Force Issues Recommendations for Industry
https://healthblawg.com/2017/06/cybersecurity-task-force.html
Fri, 09 Jun 2017 12:54:37 +0000, David Harlow
Categories: Compliance, Digital Health, HIT, EHR, Health care policy, Health Law, HHS, OCR, Privacy, Security, HIPAA

The Health Care Industry Cybersecurity Task Force has issued its Report on Improving Cybersecurity in the Health Care Industry.
The task force's mandate was quite broad:
- Analyze how other industries have implemented strategies and safeguards to address cybersecurity threats;
- Analyze challenges and barriers the health care industry encounters when securing itself against cyber-attacks;
- Review challenges to secure networked medical devices and other software or systems that connect to an electronic health record;
- Provide the Secretary with information to disseminate to health care industry stakeholders to improve their preparedness for, and response to, cybersecurity threats;
- Establish a plan to create a single system for the Federal Government to share actionable intelligence regarding cybersecurity threats to the health care industry in near real time for no fee; and
- Report to Congress on the findings and recommendations of the task force.
The report contains 100 recommendations (overall categories, or broad “imperatives,” and certain specific recommendations are highlighted here), but begins with the diagnosis: the patient is in critical condition. As noted in the graphic above, there is a severe lack of security talent, the system relies on vulnerable legacy equipment, Meaningful Use has driven the system prematurely into an “over-connected” state, the vulnerabilities have a direct impact on patient care, and there is an epidemic of known vulnerabilities across legacy health care technologies currently in use.
Against this backdrop, it is clear that a tremendous level of commitment will be required in order to address the crisis: high-level leadership, public and private sector financial resources, central coordination of efforts, legislative and regulatory changes to permit pooling of resources without fraud and abuse (anti-kickback) concerns, and more. These foundational elements will be needed in order to execute on the recommendations in the report across the broad categories outlined by the report's six “imperatives:”
- Define and streamline leadership, governance, and expectations for health care industry cybersecurity.
- Increase the security and resilience of medical devices and health IT.
- Develop the health care workforce capacity necessary to prioritize and ensure cybersecurity awareness and technical capabilities.
- Increase health care industry readiness through improved cybersecurity awareness and education.
- Identify mechanisms to protect research and development efforts and intellectual property from attacks or exposure.
- Improve information sharing of industry threats, weaknesses, and mitigations.
None of these is susceptible to a quick fix, and it is difficult to imagine the seismic shifts in the industry that would be required — cultural, financial, technical — occurring quickly or smoothly. Indeed, the task force sees the need to create a healthcare-specific version of the NIST cybersecurity framework. (The current framework is recognized under the HIPAA Security Rule as a key standard; recognition of a new framework would not necessarily require amendments to the Security Rule.) That alone will take a while. The rest of the 100 action items are similarly long-term recommendations.
________________________________________________________
Related: HIPAA Chat with Task Force member David Finn of Symantec
________________________________________________________
Meanwhile, cyberattacks will continue. Breaches due to human error will continue. Avarice will continue to drive more security breaches, including DDOS and ransomware attacks.
Recognizing this fact of life, OCR released a “quick response” cyber attack checklist and infographic yesterday.
A commitment to change on the scale required in order to combat the threat at hand demands strong leadership of a kind that ...